What is DevOps?


DevOps ensures collaboration between the development and operations teams by
eliminating the common challenges they face under traditional models such as
the Waterfall Model. DevOps aims at shortening the systems development life
cycle while delivering features, fixes, and updates at a faster pace, in close
alignment with business objectives.
What is DevSecOps?


DevSecOps was introduced to integrate security into the DevOps approach. Hence
the DevSecOps approach involves creating a 'Security as Code' culture with
ongoing, flexible collaboration between security engineers and security teams.
Different DevSecOps Processes

- Version Control, Metadata and Orchestration
- Integration of Processes
- Security Tooling in CI/CD
- Compliance
- Security Architecture
- Incident Management
Security integration in CI/CD methodology


Continuous Integration (CI) is a set of processes defined as part of a pipeline
called the 'Build Pipeline'.

Continuous Delivery (CD) is an extension of Continuous Integration (CI) that
ensures new releases are delivered in a sustainable way.


Organizations can bring security into CI/CD by integrating various security tools
into the existing pipeline.


[Pipeline diagram: Commit ... Production]

Layer #1 - The developer has an opportunity to avoid introducing a security
vulnerability in their IDE.

Layer #2 - Static code analysis triggered by the code commit action identifies
the vulnerability; the build fails.

Layer #3 - Automatic dynamic scanning of the application detects the same
vulnerability if it gets this far.

Layer #4 - Continuous Monitoring & Vulnerability Management detects the exposed
vulnerability. Add a comprehensive Manual Pen Test and Infrastructure Scan.


SAST (Static Application Security Testing) 


The SAST process analyzes source code to find security vulnerabilities in the
application before the code is compiled. SAST can be automated and integrated
into the build pipeline in the CI/CD phase.
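Layer #2 above says a SAST finding on commit should fail the build. The gate below is an added example, not code from the original slides or from any scanner: it reads constructed scanner output in a made-up JSON shape, blocks the build on findings at or above a severity threshold, and honours accepted-risk exceptions only while they are unexpired.

```python
"""CI build gate for a SAST step (added example; findings format is constructed)."""
import json
from datetime import date

# Severity ranking used by the gate; anything at or above FAIL_AT breaks the build.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
FAIL_AT = "HIGH"

# Constructed SAST output, as a scanner might emit it after a commit triggers a build.
SAMPLE_FINDINGS = json.dumps([
    {"id": "SQLI-001", "severity": "HIGH", "file": "app/db.py", "line": 42},
    {"id": "HARDCODED-KEY", "severity": "CRITICAL", "file": "app/config.py", "line": 7},
    {"id": "WEAK-RANDOM", "severity": "MEDIUM", "file": "app/token.py", "line": 19},
])

# Accepted-risk exceptions name the finding and carry an expiry date; a stale
# exception no longer suppresses the finding (constructed data).
SAMPLE_EXCEPTIONS = {
    "SQLI-001": {"expires": "2099-01-01", "reason": "parameterised query upstream"},
    "HARDCODED-KEY": {"expires": "2000-01-01", "reason": "exception has expired"},
}


def is_active(exception, today):
    """An exception suppresses a finding only until its expiry date."""
    return date.fromisoformat(exception["expires"]) >= today


def evaluate_gate(findings_json, exceptions, today=None, fail_at=FAIL_AT):
    """Return (should_fail, blocking_ids, suppressed_ids) for one scan result."""
    today = today or date.today()
    blocking, suppressed = [], []
    for finding in json.loads(findings_json):
        severity = finding["severity"].upper()
        if SEVERITY_RANK.get(severity, 0) < SEVERITY_RANK[fail_at]:
            continue  # below threshold: still reported by the scanner, never blocks
        exception = exceptions.get(finding["id"])
        if exception and is_active(exception, today):
            suppressed.append(finding["id"])
        else:
            blocking.append(finding["id"])
    return bool(blocking), blocking, suppressed


if __name__ == "__main__":
    import sys
    fail, blocking, suppressed = evaluate_gate(SAMPLE_FINDINGS, SAMPLE_EXCEPTIONS)
    for fid in blocking:
        print(f"BLOCKING: {fid}")
    for fid in suppressed:
        print(f"suppressed (accepted risk): {fid}")
    sys.exit(1 if fail else 0)  # non-zero exit is what makes the CI job fail
```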
DAST (Dynamic Application Security Testing)


DAST helps you identify vulnerabilities while the application is running and is
accessible to the tester as a normal application user.

A Grey Box methodology can be used here, where the tester has access to the
application with valid user credentials, and test coverage can be ensured for
all the pages.
Container Security Scanning


The container environment is dynamic, with multiple containers spun up and down
in various phases of the software release lifecycle in an automated way. The
lifetime of a container may vary from few li to days.
Challenges in Container Security

- Vulnerability Assessment
- Access Controls
- Secure Configuration and Hardening
- Real-time visibility and control of the container runtime environment
- Auditing and Logging
- Secret Management
Continuous Security


Thank You 